Debian
syslog-ng package

  1. Bug #183389
  2. Comment #6

Comment 6 for bug 183389

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package syslog-ng - 2.0.0-1ubuntu1.1

---------------
syslog-ng (2.0.0-1ubuntu1.1) gutsy-security; urgency=low

  * SECURITY UPDATE: Allows remote attackers to cause a denial of service
     (crash) via a message with a timestamp that does not contain a trailing
     space, which triggers a NULL pointer dereference.
  * src/logmsg.c (log_msg_parse): fixed possible NULL pointer dereference
     in log message parsing, as done in upstream RCS
  * References:
    - http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437
    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457334
  * Closes lp: #183389

 -- <email address hidden> (Cody A.W. Somerville) Tue, 15 Jan 2008 20:21:54 -0400